Organizations attempting to combat cyber-attacks have an interest in knowing whether malicious files are targeted to a specific recipient. Conventionally, this determination is made via manual labeling by analysts. However, manual labeling may be time intensive and, in consequence, difficult to scale. Unfortunately, traditional machine learning approaches to email classification may also fall short because (i) the characteristics of malicious files may change over time and (ii) traditional machine learning classifiers may not perform well when given data that lies outside the distribution of the training points used to train them. The instant disclosure, therefore, identifies and addresses a need for improved systems and methods for determining whether malicious files are targeted.